Closed
Bug 401262
Opened 18 years ago
Closed 16 years ago
Add Certicámara S.A. root CA cert
Categories
(CA Program :: CA Certificate Root Program, task)
RESOLVED
FIXED
People
(Reporter: webmaster, Assigned: kathleen.a.wilson)
Attachments
(3 files, 1 obsolete file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
Build Identifier:
Certificate data for the CA certificates requested for inclusion:
http://www.certicamara.com/certicamara.crt
http://www.certicamara.com/ac_offline_raiz_certicamara.crt
http://www.certicamara.com/ac_online_subordinada_certicamara.crt
All three certificates issue certificates for each of the following purposes:
o SSL-enabled servers
o digitally-signed and/or encrypted email
o digitally-signed executable code objects
Certificate Policy and Certification Practice Statement:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
information as to how the CA has fulfilled the requirements stated above regarding its verification of certificate signing requests and its conformance to a set of acceptable operational criteria:
https://cert.webtrust.org/ViewSeal?id=441
CA Details
----------
CA Name: CERTICAMARA S.A.
Website: www.certicamara.com
One Paragraph Summary of CA, including the following:
- General nature: Commercial
- Primary geographical area(s) served: Colombia and Andean Region
- Number and type of subordinate CAs: 1 Subordinate CA
Audit Type (WebTrust, ETSI etc.): WebTrust
Auditor: Deloitte & Touche
Auditor Website: www.deloitte.com
Audit Document URL(s): https://cert.webtrust.org/SealFile?seal=441&file=pdf
URL of certificate hierarchy diagram:
Certificate Details
-------------------
certicamara.crt
Certificate Name: Certificado Empresarial Clase-A
Summary Paragraph, including the following:
This is the unique root certificate authorized by the Industry & Commerce Department of Colombia; it is also approved by WebTrust Seal.
We are authorized to issue certificates with the following purpose:
o SSL-enabled servers
o digitally-signed and/or encrypted email
o digitally-signed executable code objects
Certificate HTTP URL (on CA website):
http://www.certicamara.com/certicamara.crt
Version:V3
SHA1 Fingerprint:8b 1a 11 06 b8 e2 6b 23 29 80 fd 65 2e 61 81 37 64 41 fd 11
Modulus Length (a.k.a. "key length"): RSA (2048 bits)
Valid From (YYYY-MM-DD):Wed, 23 may 2001 05:00:00 p.m
Valid To (YYYY-MM-DD):Mon, 23 may 2011 05:00:00 p.m.
CRL HTTP URL:http://www.certicamara.com/certicamara.crl
CRL issuing frequency for end-entity certificates: 3 days
OCSP URL: not available
Class (domain-validated, identity/organisationally-validated or EV):
Certificate Policy URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
CPS URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
Requested Trust Indicators (email and/or SSL and/or code):
email, SSL and code signing
URL of website using certificate chained to this root (if applying for SSL):
https://www.certicamara.com/
Comment 1 • 18 years ago (Reporter)
Certificate Details
-------------------
ac_offline_raiz_certicamara.crt
Certificate Name: AC Raíz Certicámara S.A.
Summary Paragraph:
This is the new root CA certificate authorized by Industry & Commerce
Department of Colombia, to replace the certicamara.crt certificate
We are authorized to issue certificates with the following purpose:
o SSL-enabled servers
o digitally-signed and/or encrypted email
o digitally-signed executable code objects
Certificate HTTP URL (on CA website):
http://www.certicamara.com/ac_offline_raiz_certicamara.crt
Version:V3
SHA1 Fingerprint: 2a fc 54 31 ab cb a9 d3 e7 2d b3 c7 81 54 03 42 ca 62 96 bb
Modulus Length (a.k.a. "key length"): RSA (4096 bits)
Valid From (YYYY-MM-DD):Mon, 27 november 2006 03:46:29 p.m.
Valid To (YYYY-MM-DD):Sun, 21 october 2057 03:40:55 p.m.
CRL HTTP URL:http://www.certicamara.com/repositoriorevocaciones/ac_raiz_certicamara.crl
CRL issuing frequency for end-entity certificates: 1 year
OCSP URL: not available
Class (domain-validated, identity/organisationally-validated or EV):
Certificate Policy URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
CPS URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
Requested Trust Indicators (email and/or SSL and/or code):
email, SSL and code signing
URL of website using certificate chained to this root (if applying for SSL):
https://www.certicamara.com/
Certificate Details
-------------------
ac_online_subordinada_certicamara.crt
Certificate Name: AC Subordinada Certicámara S.A.
Summary Paragraph:
This is the new subordinate CA certificate authorized by Industry & Commerce
Department of Colombia, to replace the certicamara.crt certificate
We are authorized to issue certificates with the following purpose:
o SSL-enabled servers
o digitally-signed and/or encrypted email
o digitally-signed executable code objects
Certificate HTTP URL (on CA website):
http://www.certicamara.com/ac_online_subordinada_certicamara.crt
Version:V3
SHA1 Fingerprint: c0 c4 e1 fe 24 17 5a 56 f2 fa 96 7f fd a7 b0 33 3b 19 69 dd
Modulus Length (a.k.a. "key length"): RSA (2048 bits)
Valid From (YYYY-MM-DD):Mon 27 november 2006 04:19:02 p.m.
Valid To (YYYY-MM-DD):Mon 27 november 2056 04:16:46 p.m.
CRL HTTP URL:http://www.certicamara.com/repositoriorevocaciones/ac_subordinada_certicamara.crl
CRL issuing frequency for end-entity certificates: 3 days
OCSP URL: not available
Class (domain-validated, identity/organisationally-validated or EV):
Certificate Policy URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
CPS URL:
http://www.certicamara.com/dpc
http://www.certicamara.com/templates/cc/images/dpc/DPC_Octubre_de_2007.pdf
Requested Trust Indicators (email and/or SSL and/or code):
email, SSL and code signing
URL of website using certificate chained to this root (if applying for SSL):
https://www.certicamara.com/
Comment 2 • 18 years ago (Reporter)
URL of certificate hierarchy diagram: http://www.certicamara.com/certificate_hierarchy_diagram.jpg
Updated • 17 years ago
Summary: Certicámara S.A. root cert inclusion into browser → Add Certicámara S.A. root CA cert
Comment 3 • 17 years ago
Accepting this bug and putting it in the queue with the other CA requests.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 4 • 17 years ago (Reporter)
(In reply to comment #3)
> Accepting this bug and putting it in the queue with the other CA requests.
>
Thank you Frank
Comment 5 • 17 years ago (Reporter)
(In reply to comment #3)
> Accepting this bug and putting it in the queue with the other CA requests.
>
Dear Frank and Eddy,
We have updated our audit review; you can find the report at https://cert.webtrust.org/ViewSeal?id=750
Best Regards,
Leonardo Maldonado
Comment 6 • 17 years ago
Assigning to Kathleen Wilson to do information gathering for this request. This is the first step in considering this request and potentially approving it. The whole process might take 2-3 months.
Assignee: hecker → kathleen95014
Status: ASSIGNED → NEW
Comment 7 • 17 years ago (Assignee)
As per Frank’s note, I have been asked to do the information gathering and verification for this request. Attached is the initial information-gathering document which summarizes the information that has been gathered and verified. Within the document I have highlighted in yellow the information that is still needed, and I will summarize below.
1) Note that I have not included ac_online_subordinada_certicamara.crt because we only include root certificates, not intermediates.
2) Do you still need “Certificado Empresarial Clase-A” included by default in Firefox? I’m asking because it will expire in 2011 and is being replaced by “AC Raíz Certicámara S.A.”
3) Note that the data originally provided for “AC Raíz Certicámara S.A.” has changed. I have included the updated SHA-1 fingerprint and valid-to date in the attached document.
4) Is there a statement in the CP/CPS that specifies the frequency of update for the CRLs for the end-entity certificates chaining up to the “AC Raíz Certicámara S.A.” root? Would you please translate the relevant text into English? Usually the CRL issuing frequency for end-entity certs looks like: “after a certificate's revocation, or every 42 hours.”
5) I am supposed to review the CP/CPS to ensure that procedures are in place to do the following. Would you please translate the relevant text from the latest CP or CPS into English?
a) For SSL, verify that the domain referenced in the certificate is owned/controlled by the certificate subscriber.
b) Verify the email account associated with the email address in the cert is owned by the subscriber, in addition to verification of subscriber’s legal identity.
c) Verify identity information in code signing certificates is that of subscriber
d) Make sure it’s clear which checks are done for which context (cert usage)
We are looking for text that describes exactly what information is verified, and how the information is verified.
6) Please specify if the verification performed on certificates chaining up to these roots is DV and/or OV.
DV means that the domain name referenced in the certificate is verified to be owned/controlled by the certificate subscriber. (Note that per the Mozilla policy this verification must be done in addition to any verification of the subscriber’s legal identity. Certificates for which only this level of verification is done are commonly referred to as DV certificates.)
OV means that the Organization attribute is verified to be that associated with the certificate subscriber. (Certificates for which this level of verification is done are commonly referred to as OV certificates.)
Please provide the translated text from the CP/CPS where this information is provided.
7) Please provide URLs whose website certs chain up to these roots (one for each root). The URL that was provided earlier (https://www.certicamara.com/) does a redirect to http.
8) I’m supposed to review the CP/CPS for potentially problematic practices, as per http://wiki.mozilla.org/CA:Problematic_Practices. Would you please comment as to whether any of these are relevant. If relevant, please provide further info:
• Long-Lived Domain-Validated SSL certs
• Wildcard DV SSL certs
• Issuing end entity certs directly from root rather than using an
offline root and issuing certs through a subordinate CA
• Allowing external entities to operate subordinate CAs – in this case
need to demonstrate that the external entities are required to follow the CPS
and are audited as such.
Thanks,
Kathleen
Comment 8 • 17 years ago (Reporter)
InfoGathering answers (highlighted in gray).
Comment 9 • 17 years ago (Reporter)
Hello Kathleen,
I attach the original document of Initial Information Gathering Document with our comments highlighted in gray.
We sent a new version of CPS to the national department of industry and commerce in Colombia (Because they have to approve the publication of updates in Certicamara's website), we include some content to satisfy 100% of the information requested in the gathering document, and we hope to get the authorization to publish it next month (I have to include new content about the OV SSL certs). Please let me know if you need a fully translated text of our CPS or any other information to get your approval concept.
Best Regards,
Leonardo Maldonado
Certicámara S.A.
Comment 10 • 17 years ago (Assignee)
Thank you for your very thorough response. The information all looks good, but I am having difficulty with the example website for the AC Raíz Certicámara S.A. root.
I have installed the root at http://www.certicamara.com/ac_offline_raiz_certicamara.crt
But when I go to https://www.certicamara.com/index.php
I get the error code: sec_error_unknown_issuer
I apologize for this inconvenience. Would you please double-check that this works for you, and let me know if I need to do something else to get this to work?
Thanks,
Kathleen
Comment 11 • 17 years ago (Reporter)
Thank you Kathleen,
Please let me know what version of Firefox or Mozilla you are using to browse the site.
I found information related to the error you described at http://support.mozilla.com/tiki-view_forum_thread.php?locale=pl&comments_parentId=64923&forumId=1 and maybe it could happen with FF3.
I think maybe FF3 verifies whether Certicamara is recognized as a known issuer by Mozilla on the Mozilla internet site or in another online way (I'm not sure), but it can't find it because this is our first request to be included in the Mozilla certificate store as a known issuer. Certicamara in the past only requested to be included in the Microsoft Store, and we are scheduled to be included in the next security update that Microsoft releases in October.
If you are using FF3, please click on "Add Exception..." button, and let me know if you find another error code.
Thank you for your help and patience.
Best Regards,
Leonardo
Comment 12 • 17 years ago (Assignee)
In order for the test site to work for the newer cert, need to also install the subordinate CA: http://www.certicamara.com/ac_online_subordinada_certicamara.crt
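The failure in comments 10 to 12 is a path-building problem: with only the root installed and a server that sends only its own certificate, the client has nothing linking the leaf to the root. The sketch below is an added example, not part of the bug thread and not NSS code; it is a simplified model that chains on names only (no signature, validity or constraint checks), and `Cert` and `build_path` are hypothetical names.

```python
from dataclasses import dataclass

UNKNOWN_ISSUER = "sec_error_unknown_issuer"  # error string quoted in comment 10


@dataclass(frozen=True)
class Cert:
    """Name-only stand-in for an X.509 certificate (constructed sample data)."""
    subject: str
    issuer: str
    is_ca: bool = False


# Hierarchy described in the bug: root -> subordinate CA -> web server.
ROOT = Cert("AC Raíz Certicámara S.A.", "AC Raíz Certicámara S.A.", is_ca=True)
SUB = Cert("AC Subordinada Certicámara S.A.", ROOT.subject, is_ca=True)
LEAF = Cert("www.certicamara.com", SUB.subject)


def build_path(server_chain, trust_anchors, local_intermediates=(), max_depth=8):
    """Walk issuer names from the leaf up to a trust anchor.

    server_chain: certificates the server sends, leaf first.
    trust_anchors: roots the client trusts (e.g. a manually installed root).
    local_intermediates: CA certs the client holds but does not treat as
        anchors (e.g. an imported subordinate CA).
    Returns (status, [subjects]); status is "ok" or UNKNOWN_ISSUER.
    """
    if not server_chain:
        return UNKNOWN_ISSUER, []
    anchors = {c.subject: c for c in trust_anchors}
    # Candidate issuers: what the server sent plus locally known CA certs.
    # A root sent by the server lands here too, but never becomes an anchor.
    candidates = {c.subject: c
                  for c in (*server_chain[1:], *local_intermediates) if c.is_ca}
    current = server_chain[0]
    path = [current]
    for _ in range(max_depth):
        if current.issuer in anchors:
            if anchors[current.issuer] != current:
                path.append(anchors[current.issuer])
            return "ok", [c.subject for c in path]
        issuer = candidates.get(current.issuer)
        if issuer is None or issuer in path:  # missing link or a loop
            break
        path.append(issuer)
        current = issuer
    return UNKNOWN_ISSUER, [c.subject for c in path]


if __name__ == "__main__":
    cases = {
        "root installed, server sends leaf only": ([LEAF], [ROOT], []),
        "root installed, server sends leaf + subordinate": ([LEAF, SUB], [ROOT], []),
        "root and subordinate installed, leaf only": ([LEAF], [ROOT], [SUB]),
        "nothing installed, server sends full chain": ([LEAF, SUB, ROOT], [], []),
    }
    for label, (chain, anchors, local) in cases.items():
        status, path = build_path(chain, anchors, local)
        print(f"{label}: {status} ({' -> '.join(path)})")
```

The third case is the client-side workaround from comment 12; the second is the server-side fix, which works for every client that trusts the root.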
Comment 13 • 17 years ago (Assignee)
Comment 14 • 17 years ago (Assignee)
The information-gathering phase of this request is complete. I’m assigning the bug back to Frank so he can proceed with the next phase.
There are two roots to be considered for inclusion. I will update the pending list to include both roots, but there will be a delay before these changes are visible.
There are two items to note in regards to the old root. Certicámara would still like to include the old root, because they have customers whose certificates chain up to this root and expire in 2010.
1) End entity certificates were directly issued from the old root rather than using an offline root and issuing certs through a subordinate CA. This has been fixed with the new root.
2) Certicámara issued wildcard certificates off of the old root, but as of 2008 they do not issue any more wildcard certs. This may not really be a concern, because Certicámara does validate the organizational identity (OV) for SSL certs.
Kathleen
Assignee: kathleen95014 → hecker
Updated • 17 years ago (Assignee)
Status: NEW → ASSIGNED
Whiteboard: Information confirmed complete
Comment 15 • 16 years ago (Assignee)
According to the queue for public discussion at
https://wiki.mozilla.org/CA:Schedule#Queue_for_Public_Discussion
it is time to update/finalize the information for this request to get ready for public discussion.
In regards to Comment #9, “We sent a new version of CPS to the national department of industry and commerce in Colombia (Because they have to approve the publication of updates in Certicamara's website)”
Is the new CPS available? If yes, what is the URL?
Comment 16 • 16 years ago (Reporter)
Good Afternoon Dear Kathleen, and sorry for not replying earlier,
We updated our CPS in March of 2009, when the National Department of Industry and Commerce accepted a new kind of certificate policy called "Persona Juridica Entidad Empresa", which in English means Enterprise Legal Person Entity.
The CPS was published at the following URL http://www.certicamara.com/index.php?option=com_content&task=category&sectionid=22 (that contains our updated CPS, our past two CPS and comments for changes in the last two versions).
Also we want to know an approximate schedule to finish our process, which began on 2007-10-26.
Comment 17 • 16 years ago (Assignee)
Updated the Information Gathering document to reflect the updated CPS, and converted to pdf format in preparation for the public discussion.
Attachment #335793 -
Attachment is obsolete: true
Comment 18 • 16 years ago
Re-assigning this bug to Kathleen Wilson, since she's the person actively working on it.
Assignee: hecker → kathleen95014
Comment 19 • 16 years ago (Assignee)
I am now opening the first public discussion period for this request from Certicámara to add the Certificado Empresarial Clase-A and the AC Raíz Certicámara S.A. root certificates to Mozilla.
Public discussion will be in the mozilla.dev.security.policy newsgroup and the corresponding dev-security-policy@lists.mozilla.org mailing list.
http://www.mozilla.org/community/developer-forums.html
https://lists.mozilla.org/listinfo/dev-security-policy
news://news.mozilla.org/mozilla.dev.security.policy
Please actively review, respond, and contribute to the discussion.
Whiteboard: Information confirmed complete → In public discussion
Comment 20 • 16 years ago (Assignee)
The discussion is in the mozilla.dev.security.policy newsgroup with the subject "Certicámara Root Inclusion Request".
There is discussion about the older Certificado Empresarial Clase-A root. It is possible that this root will not be accepted for inclusion, but a representative from Certicámara should respond to provide clarification about this root.
It is likely that the AC Raíz Certicámara S.A. root will be approved, but there is a request that the example webserver be configured to properly send the intermediate root as required by TLS and NSS.
Would a representative of Certicámara please respond to the discussion thread?
Comment 21 • 16 years ago (Reporter)
Good Morning Kathleen, Eddy & Kyle,
Thanks for your review. We agree that it is unreasonable to include the Certificado Empresarial Clase-A root now, but we asked Mozilla for the inclusion from 2006; unfortunately, the inclusion process is too long, that root certificate got older during the process, and the NIST criteria became stricter about the characteristics that a root certificate must have.
We also agree with the inclusion of our new root without a second comment period, but I'm worried that Eddy & Kyle want to review documents in English. Please let me know what documents you need to review in English so that we can start a translation as you need.
We are really in a hurry about the inclusion of our new root, because there is an increased number of customers that use Mozilla products, and we think that we asked for inclusion a very long time ago.
Please let me know any other comment.
At the URL https://www.certicamara.com/index.php you can find a certificate that includes the intermediate CA certificate; I checked the configuration to verify that it is sent according to TLS and NSS.
Best Regards,
Leonardo Maldonado
Certicamara
Comment 22 • 16 years ago (Assignee)
The public comment period for this request is now over.
This request has been evaluated as per sections 1, 5 and 15 of the official CA policy at
http://www.mozilla.org/projects/security/certs/policy/
Here follows a summary of the assessment. If anyone sees any factual errors, please point them out.
To summarize, this assessment is for Certicámara’s request to add two new root CA certificates to the Mozilla root store:
1) The Certificado Empresarial Clase-A root issues end entity certificates directly. Certicámara has a significant number of customers that use this certificate, which expires in 2011, and their certificates expire in 2010. During the public discussion agreement was reached that this root would not be included.
2) The AC Raíz Certicámara S.A. root issues one internally-operated subordinate CA which issues certificates for SSL, code-signing, and email. The following information pertains to the request to add this root and to enable it for all three trust bits.
Section 4 [Technical]. I am not aware of any technical issues with certificates issued by Certicámara, or of instances where they have knowingly issued certificates for fraudulent use. If anyone knows of any such issues or instances, please note them in this bug report.
Section 6 [Relevancy and Policy]. Certicámara appears to provide a service relevant to Mozilla users: It is a commercial company serving the Colombia and Andean Regions.
The certificate policies for Certicámara are published on their website and listed in the entry on the pending applications list. The Certification Practices Statement is provided in Spanish, and translations of certain sections have been provided and reviewed.
http://www.certicamara.com/templates/cc/images/dpc/DPCMarzo_09.pdf
Section 7 [Validation]. Certicámara appears to meet the minimum requirements for subscriber verification, as follows:
* Email: Certicámara verifies the ownership of the associated email address provided by the requester through a verification process based on an email confirmation message replayed by the requester with personal and confidential information.
* SSL: Certicámara verifies the ownership of the domain name referenced in the certificate by using the whois service.
* Code: Certicámara’s CPS describes reasonable measures to verify the identity and authorization of the certificate requester.
Section 8-10 [Audit]. Certicámara has been audited by Deloitte & Touche according to the WebTrust for CA criteria. The audit is up-to-date, and posted on the cert.webtrust.org website.
Section 13 [Certificate Hierarchy]. The AC Raíz Certicámara S.A. root issues one internally-operated subordinate CA which issues certificates for SSL, code-signing, and email.
Other: The CRLs generated by Certicámara have a validity period of 3 days. OCSP is not provided.
Potentially problematic practices: None noted for the AC Raíz Certicámara S.A. root.
Based on this assessment I recommend that Mozilla approve the request to add the AC Raíz Certicámara S.A. root certificate to NSS, and enable all three trust bits.
Comment 23 • 16 years ago (Reporter)
Thank you Kathleen for your help.
Best Regards,
Leonardo Maldonado
Certicamara S.A.
Comment 24 • 16 years ago
To Kathleen: Thank you for your work on this request.
To Mr. Maldonado and other representatives of Certicámara: Thank you for your cooperation and your patience.
To all others who have commented on this bug here and in the public discussion forum: Thank you for volunteering your time to assist in reviewing this CA request.
I have reviewed the summary and recommendation in comment #22, and on behalf of the Mozilla project I approve this request from Certicámara to add the following root certificate to NSS, with trust bits set as indicated:
* AC Raíz Certicámara S.A. (email, SSL, code signing)
Kathleen, could you please do the following:
1. File the necessary bug against NSS.
2. Mark this bug as dependent on the NSS bug.
4. When that bug is RESOLVED FIXED, change the status of this bug to RESOLVED
FIXED as well.
Thanks in advance!
Whiteboard: In public discussion → Approved
Comment 25 • 16 years ago (Assignee)
I have filed bug 486424 against NSS for the actual changes.
Depends on: 486424
Updated • 16 years ago
Whiteboard: Approved → Approved - In NSS - Awaiting ?
Updated • 16 years ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: Approved - In NSS - Awaiting ?
Updated • 8 years ago
Product: mozilla.org → NSS
Updated • 3 years ago
Product: NSS → CA Program